summaryrefslogtreecommitdiff
Commit message (Collapse)AuthorAgeFilesLines
* explain the acronym "CRT"; suggested by tb@schwarze2019-07-132-6/+8
|
* Fix manual openssl(1) s_serverinoguchi2019-07-121-18/+94
| | | | | | | | | | | | | | | | | | | - Add undocumented options below. -alpn, -cert2, -certform, -dcertform, -dkeyform, -dpass, -dtls1, -key2, -keyform, -keymatexport, -keymatexportlen, -mtu, -named_curve, -no_cache, -no_ecdhe, -no_ticket, -pass, -port, -servername, -servername_fatal, -status, -status_timeout, -status_url, -status_verbose, -timeout, -tlsextdebug, -use_srtp, -verify_return_error - Remove -hack, -psk and -psk_hint since not exist in source code. I didn't add these 5 options since these were no-op. -chain, -legacy_renegotiation, -nextprotoneg, -no_comp, -no_ssl2 This option was removed from manual in the past. -no_ssl3 ok and suggestions from jmc@
* Using pthread_atfork instead of __register_atfork with uClibc on noMMUinoguchi2019-07-111-2/+2
| | | | | | | | uClibc on noMMU doesn't provide __register_atfork(). Reported by redbirdtek on Github issue. https://github.com/libressl-portable/portable/issues/538 ok bcook@
* Fix manual openssl(1) s_clientinoguchi2019-07-111-14/+80
| | | | | | | | | | | | | | | | | | - Add undocumented options below. -alpn, -certform, -dtls1, -host, -keyform, -keymatexport, -keymatexportlen, -legacy_server_connect, -mtu, -no_ign_eof, -no_legacy_server_connect, -pass -port, -serverpref, -sess_in, -sess_out, -status, -timeout, -use_srtp, -verify_return_error - Remove -psk and -psk_identity since not exist in source code. I didn't add these 4 options since these were no-op. -nextprotoneg, -legacy_renegotiation, -no_comp, -no_ssl2 This option was removed from manual in the past. -no_ssl3 ok jmc@
* Add missing option openssl dsa -modulusinoguchi2019-07-101-2/+8
| | | | ok bcook@ jsing@
* Group tls_{handshake,read,write,close}() return values documentation.jsing2019-07-091-21/+21
| | | | | | | | | | Move the documentation for tls_error() down so that both the special return values for tls_{handshake,read,write,close}() directly follow the standard return values for the same functions. Prompted by deraadt@. ok deraadt@ schwarze@
* Fix manual openssl(1) genrsainoguchi2019-07-091-6/+14
| | | | | | Add missing -camellia*/-idea description to genrsa section. ok jmc@
* Convert openssl(1) genrsa to the newer style of option handlinginoguchi2019-07-091-70/+183
| | | | ok tb@ jsing@
* Fix manual openssl(1) dsa, ocsp, rsa and smimeinoguchi2019-07-081-12/+56
| | | | | | | | | | | | | - dsa : add missing -pvk-none, -pvk-strong and -pvk-weak add pvk format to -inform and -outform - ocsp : add missing -header, -ignore_err, -no_explicit and -timeout - rsa : add missing -pvk-none, -pvk-strong and -pvk-weak add missing -RSAPublicKey_in and -RSAPublicKey_out add pvk format to -inform and -outform - smime : add missing -nosmimecap - add pvk description at common format part ok jmc@
* Clean up pvkfmt.cinoguchi2019-07-081-63/+66
| | | | | | | | | | | - Replace EVP_CIPHER_CTX_init with EVP_CIPHER_CTX_new and handle return value - Replace EVP_CIPHER_CTX_cleanup with EVP_CIPHER_CTX_free - Change two 'return -1;' to 'goto err;' for avoiding leak - Remove the case if enclevel == 0 - Change enclevel checking to make more consistent - Change all goto label to 'err' and insert space before goto label ok and advise from tb@
* Fix pvk format processing in libcryptoinoguchi2019-07-071-11/+11
| | | | | | | | - Return the valid pointer in i2b_PVK() - Use EVP_Decrypt* instead of EVP_Encrypt* - Fix error handling after BIO_write() in i2b_PVK_bio() ok tb@
* Fix manual openssl(1) pkcs12, req, verify and x509inoguchi2019-07-071-13/+76
| | | | | | | | | | - For pkcs12, add -camellia*/-idea, -LMK and -password - For req, add -multivalue-rdn, -pkeyopt and -sigopt - For verify, add -CRLfile and -trusted, and down -check_ss_sig description - For x509, add -next_serial and -sigopt - Remove the escape in -multivalue-rdn from ca section ok jmc@
* Fix manual openssl(1) ec, enc and pkcs7inoguchi2019-07-051-2/+9
| | | | | | | | - For ec, add -param_out description - For enc, add -v usage and description - For pkcs7, add -print usage and description ok jmc@
* improve verb-tense for explaining the calling convention of __deraadt2019-07-051-3/+3
| | | | ok guenther jmc
* Fix manual openssl(1) dgstinoguchi2019-07-051-3/+5
| | | | | | - Add undocumented option -r ok jmc@
* The last consumer of pre-posix realpath behaviour has stoppedderaadt2019-07-051-34/+3
| | | | | | | | requiring it (sftp-server). Remove the /exists///// behaviour from here. The /nonexistant behaviour remains in the kernel and needs to be shot next. There may be ports fallout, but we doubt it. ok beck djm
* Fix manual openssl(1) crlinoguchi2019-07-041-1/+13
| | | | | | - Add undocumented options -crlnumber, -hash_old, -nameopt and -verify ok jmc@
* Fix manual openssl(1) cainoguchi2019-07-041-8/+15
| | | | | | | - Add undocumented options -crlsec and -sigopt - Sync argument name between usage and options description ok jmc@
* snprintf/vsnprintf return < 0 on error, rather than -1.deraadt2019-07-038-25/+25
|
* Add cpuid support for arm64 so that we can recognize whichpatrick2019-07-023-3/+57
| | | | | | hardware crypto features are available. "no objections" kettenis@
* tweak previous; ok guentherjmc2019-06-301-5/+6
|
* Document that getcwd() and realpath() are built on system calls thatguenther2019-06-291-2/+16
| | | | | | | have a different calling convention than the standard function...as seen in kdump output. ok deraadt@ schwarze@
* When system calls indicate an error they return -1, not some arbitraryderaadt2019-06-2810-56/+56
| | | | | | value < 0. errno is only updated in this case. Change all (most?) callers of syscalls to follow this better, and let's see if this strictness helps us in the future.
* failed to detect asprintf() error by observing return of -1, instead thederaadt2019-06-281-6/+3
| | | | | code was inspecting the pointer (which is, sadly, undefined on error, because the current specification of asprintf is crazy sloppy)
* Some asprintf() calls were checked < 0, rather than the precise == -1.deraadt2019-06-271-3/+3
| | | | ok millert nicm tb, etc
* The C89 standard only requires that atexit(3) returns a non-zero valueschwarze2019-06-271-5/+12
| | | | | | on error, so checking for -1 only is potentially non-portable. Also mention that the C89 standard does not require errno to be set. OK deraadt@ millert@
* Add more option tests to req, ts, x509 and verify in appstest.shinoguchi2019-06-271-17/+42
|
* check for asprintf failing allocationderaadt2019-06-271-1/+4
|
* Add more options test to ocsp in appstest.shinoguchi2019-06-241-7/+30
|
* Add more option test to dgst in appstest.shinoguchi2019-06-231-4/+33
|
* Add more option tests to ca in appstest.shinoguchi2019-06-221-8/+21
|
* tls_read() & tls_write() return 4 possible values: TLS_WANT_POLLOUT,deraadt2019-06-201-4/+4
| | | | | | TLS_WANT_POLLIN, -1, or 0. After handling the first two, check for -1 rather than vaguely "< 0". ok jsing
* sockatmark(3), recv(2), getsockopt(2), and connect(2) return specificallyderaadt2019-06-201-4/+4
| | | | | -1 to mark failure, not arbitrary values < 0. I believe manual pages should follow the described contract precisely and accurately.
* Move variables into struct in openssl(1) genrsainoguchi2019-06-191-25/+33
| | | | | | | - Move local variables in genrsa_main() to struct genrsa_config - Leave long lines more than 80, still ok bcook@
* Make BN_num_bits_word() constant time.tb2019-06-171-48/+18
| | | | | | | | | | | | | | | | | Previously, this function would leak the most significant word of its argument due to branching and memory access pattern. This patch is enough to fix the use of BN_num_bits() on RSA prime factors in the library. The diff is a simplified and more readable (but perhaps less efficient) version of https://github.com/openssl/openssl/commit/972c87df by Andy Polyakov and David Benjamin (pre license change). Consult that commit message for details. Subsequent fixes to follow in the near future. Issue pointed out by David Schrammel and Samuel Weiser as part of a larger report. tests & ok inoguchi, ok jsing
* Remove old realpath(3), and the userland-vs-kernel realpath verificationderaadt2019-06-171-334/+44
| | | | | | | | code. We now user the simple userland wrapper on top of __realpath(2). The non-POSIX behaviour still remains, that is the next component to fix. From a diff by beck, but I managed to chainsaw it a bit further. Tested in snaps for a couple of days. ok beck
* oops - missing .El in previous;jmc2019-06-151-1/+2
|
* realpath(3) doesn't use lstat(2), readlink(2), or getcwd(3) anymore,deraadt2019-06-151-21/+39
| | | | | | it is a thin wrapper over the syscall __readlink(2). Improve the list of possible errors. ok millert beck jmc
* Improve pages that briefly mentioned ERR - usually below SEE ALSO -schwarze2019-06-1420-124/+198
| | | | | but failed to provide any real information. OK tb@ jmc@
* Further improve the documentation of library initialization and configuration.schwarze2019-06-149-94/+126
| | | | | | | | | Among other improvements: * Use a uniform wording at the top of the DECSRIPTION for obsolete pages. * Better explain how to use a non-standard configuration file. * Remove obsolete functions from SEE ALSO. Triggered by some suggestions from tb@. Tweaks and OK tb@.
* Add more options to pkcs12 and smime in appstest.shinoguchi2019-06-131-10/+13
|
* Set malloc_options in global scope with an initializer.bluhm2019-06-122-10/+8
| | | | recommended by otto@
* add missing backlinks to ssl(3)schwarze2019-06-1231-64/+100
|
* List all 17 SSL pages that were missing.schwarze2019-06-121-51/+89
| | | | | | Split some excessively long lists into useful sub-categories. Add a new, very short subsection "Obsolete functions" at the end. OK tb@ jmc@
* Disable junking with malloc options. If set, the test hangs on lowbluhm2019-06-111-2/+5
| | | | | memory arm64 machines. found by patrick@; OK otto@
* delete references to ERR pages from SEE ALSO where suchschwarze2019-06-1035-115/+79
| | | | references were already given below RETURN VALUES right above
* Add pkcs12 options and smime tests for appstest.shinoguchi2019-06-101-8/+40
| | | | | - Add some options to pkcs12 test. - Add smime tests for encrypt, decrypt and pk7out.
* add links back to crypto(3) to function group entry pagesschwarze2019-06-1022-45/+70
| | | | | and to isolated obsolete pages; OK bcook@ jmc@
* remove pointless NOTES section header linesschwarze2019-06-089-27/+27
|
* Delete the display of the RSA_METHOD objectschwarze2019-06-081-70/+1
| | | | | | | | | | which is now supposed to be opaque. OK tb@ I checked that all the information contained in comments in the display is available from the appropriate places in RSA_meth_new(3) and RSA_set_flags(3). Note that the comments regarding "mod_exp", "init", and "finish" were half-misleading simplifications, anyway.
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-03-22 15:59:14 +0000